Privacy Policy

The existence of this Privacy Policy is a commitment from PT Privy Identity Digital (hereinafter referred to as "Privy") to respect and protect any User's personal data or information through the https://privy.id site, its derivative sites, as well as the Privy Application (hereinafter referred to as “Site” and “Application” respectively). This Privacy Policy applies only to Privy services, including but not limited to PrivySign and PrivyPass (hereinafter referred to as the “Privy Service”). This Privacy Policy is intended to provide Privy Users with information about how Privy collects, uses, shares, processes, and secures User’s personal data for Privy Services. By using the Privy Services, Users understand that Privy will collect and use User information as described in this Privacy Policy. The use of Privy is managed by the Privacy Policy and the Terms of Use. The definition used in this Policy refer to the definition explained in the PrivySign Service Terms of Use.

Privy will notify Users if there is a changes to this Privacy Policy by uploading them on the Site and/or writing down the date of the last privacy policy update.

1. INFORMATION COLLECTED BY PRIVY

Privy may collect Personal Data of Privy Users, which are as follows:

Data that Privy request from Users

When the User creates a Privy Account, the User is required to provide Basic Data, including but not limited to Personal Data information consisting of full name, date of birth, User Identity Card (KTP), or other identity cards (including the information contained therein), cell phone numbers, e-mail addresses, and biometric data. To create a Privy Account and use Privy Services, User are required to provide Privy with some information and Personal Data in a true, clear, accurate, and complete manner to Privy. If the User does not provide the Personal Data required at this point or provides statements and guarantees, information, or Personal Data that is untrue, unclear, inaccurate, or incomplete, then Privy has the right to refuse the application for creating a Privy Account for that User and suspend or terminate in part or in full of the Privy Services provided to Users.

Data that Privy collects automatically

When User uses Privy Services, Privy will automatically collect Personal Data such as IP Addresses, login information, geolocation, client browser & version, timestamp of activities, operating system, and User transaction data related to the use of Privy Services.

User-provided data

When the User uses Privy Services, including Privy Services through Third Parties, Users may provide other Personal Data (other than those referred to in points a and b above) to Privy from time to time.

Data that Privy collects from Third Parties

User can create a Privy Account through a Third Party to access or use the services provided by that Third Party. The third-party that provides the Privy Account creation service is the registration authority. The registration authority will then forward the Personal Data information that the User provided at the time of registration to Privy to create a User's Privy Account.

Cookies

Privy uses cookies as long as the User uses the Privy Service, in improving the quality of the Privy service, to recognize and remember certain information on the User's browser including session management, service personalization, and user activity recording. The User can choose to disable cookies in the User's browser, but if the user disables cookies, certain functions of the Site's services will be limited.

2. USE OF PERSONAL DATA

The Personal Data that the User provides will be used to provide product services from Privy, such as:

1. Issue PrivyID, create a Privy Account, and issue, manage and revoke Electronic Certificates issued by Privy.
2. Collect, record, and analyze data related to the activity of using the Privy Services.
3. Provide information related to the use of the User's Privy Account, such as information on the use of services and information in the form of promotions.
4. Repair and improve products and services to Privy Users.

3. PERSONAL DATA SHARED

Privy will openly disclose User’s Personal Data information, including but not limited to Personal Data, which is contained in the Privy Account and/or contained in the Electronic Certificate issued by Privy as necessary in order to fulfill the Privy Service used by the User. Privy does not sell and/or share a User's Personal Data with other parties without the User's consent. Privy guarantees that only User, Third Parties, and/or other parties with which the User consents, can access and/or view the uploaded Electronic Documents or Personal Data contained in the User's Privy Account.
In the event that the User gives consent to the Third Party to use the Privy Account to access or use the services provided by the Third Party, the use of the User's Personal Data by the Third Party is subject to the terms and conditions and/or privacy policy of the Third Party. In addition to the above provisions, Privy may disclose User Personal Data to:

1. Other Users, as parties who are in direct contact with Users in connection with User use of the Privy Services;
2. Individuals, organizations, entities, or government authorities where Privy has an obligation to comply with law and regulation, in the context of law enforcement processes or taking preventive actions in connection with illegal activities, suspected criminal acts, violations of law, or law and regulation;
3. Agents, contractors, or Third Parties who provide services to Privy so that Privy can provide services to its Users in connection with the use of such User's Personal Data. Such agents, contractors, or Third Parties provide services to Privy in the form of verification, authentication, analysis, promotion, fraud detection, payment, or other customer support services. Privy ensures that such agents, contractors, or Third Parties will only use User’s Personal Data as necessary to support Privy Services; and
4. Organizations or Legal Entities with which the User is associated and registered with him through the Privy Service.

4. SECURITY OF USER PERSONAL DATA

Privy takes security and storage efforts with great care to protect the confidentiality of User's Personal Data from time to time. Any content uploaded and sent by Users to the Privy Service will be stored securely and sent confidentially using industry standards for securing electronic information. Privy sets high standards for information security, please note that Privy is ISO 27001:2013 certified regarding Information Security Management systems.
The User is responsible for maintaining the confidentiality of the User's Privy Account details, including the User's password and One Time Password (OTP) that Privy may send to the User from time to time to anyone, and must always maintain and be responsible for the security of the device that the User uses to access Privy Service.

5. DATA STORAGE

Privy retains the User's Personal Data for the period required for the purposes of processing the Personal Data. In addition, the storage of the User's Personal Data is carried out in accordance with the provisions of the prevailing law and regulation.

6. USER RIGHTS

Access Request

The User has the right to access the User's Personal Data stored on the User's Privy Account.

Change Request

The user has the right to change the User’s Personal Data stored on Privy. Changes, additions, or updates of information and Personal Data in the form of Basic Data can only be made by giving notification to Privy through Privy's contact. Meanwhile, for categories other than Basic Data, this can be done through the Privy Application. Privy reserves the right to request supporting documents and/or verify changes, additions, or updates to such information and Personal Data in accordance with Privy's procedures.

Removal Request

Based on the User’s request, Privy will delete the User's Personal Data from the Privy system. Before the deletion of Personal Data can be processed, the User must fulfill the verification requirements carried out by Privy. Privy has the right to ask for reasons for deleting Personal Data from Users. The request for deletion of Basic Data can only made by giving notification to Privy through Privy's contact. Meanwhile, for categories other than Basic Data, this can be done through the Privy Application. The impact of deleting Basic Data is the closure of the Privy Account.

Requests for User rights and further questions regarding how Privy operates its Privacy Policy can be submitted through a notification from the User to Privy as described below.

7. LIMITATION OF LIABILITY

User will release, hold harmless, give compensation, and defend Privy, including any officers, directors, employees, or agents of Privy from and against any and all requests, claims, losses, responsibility, liabilities, costs, damages, and expenses (including but not limited to legal fees and compensation expenses) resulting directly or indirectly from:

1. any loss due to Personal Data that is intercepted, bugged, accessed, stolen, disclosed, changed, or destroyed by an unauthorized third party, due to factors beyond Privy's control and/or contrary to this Privacy Policy and the prevailing law and regulation, including those resulting from User error or negligence; or
2. collection, use, maintenance, sharing, or disclosure of data and information carried out on sites or applications owned, managed, and/or operated by Third Parties.

8. APPLICABLE LAW AND DISPUTE RESOLUTION

1. These Terms of Use are regulated and interpreted based on the laws of the Republic of Indonesia
2. Users and Privy agree that all disputes or conflict arise from or related to matters regulated in this Privacy Policy (including all disputes or conflict caused by an illegal act or violation of one or more of the terms and conditions in the Terms of Use ("Disputes") will be resolved in the following manner:
   • One of the parties, either User or Privy ("First Party") is required to provide written notification to the other party ("Second Party") regarding the occurrence of a Dispute ("Dispute Notification"). Disputes must be resolved by deliberation to reach consensus within thirty (30) calendar days from the date of the Dispute Notification (“Deliberative Settlement Period”);
   • If the dispute cannot be resolved by deliberation and consensus until the end of the Deliberative Settlement Period, the First Party and the Second Party agree that the Dispute will be referred to and resolved by the Indonesian National Arbitration Board (“BANI”) according to the rules of arbitration procedure at BANI which is located at Wahana Graha Floor 1 and 2, Jl. Mampang Prapatan No. 2 Jakarta 12760, with the following conditions:
     • The language used in the arbitration is Bahasa Indonesian;
     • The place of arbitration is in Jakarta, Indonesia;
     • The First Party and the Second Party will jointly appoint one (1) arbitrator who will be the sole arbitrator to settle the dispute;
     • Arbitration costs and legal fees must be borne by the losing party; and
     • The arbitration award is final and binding on the First Party and the Second Party.

9. LANGUAGE

In these Privacy Policy are display in a various of language options, and there is a mismatch between one language and another, the Bahasa Indonesian text will prevail.

10. CONTACT AND NOTIFICATIONS

Notice from Privy

Any notification from Privy addressed to User will be announced through the Site and sent via electronic mail (email), short message service (SMS), or push notifications through the Privy Application installed on the User's device registered with Privy.

Notice from User

Any notification from a User addressed to Privy becomes effective when the notification is received by Privy via the electronic mail address (e-mail address) helpdesk@privy.id and/or through a physical document sent to PT Privy Identity Digital with the address Jl. Kemang Raya No. 34L, 2nd Floor, Bangka Village, Mampang Prapatan District, South Jakarta 12730, Indonesia.